security: load trust anchor from QT resources
Change-Id: I35b0ee54dbbb2218ec7db60d21afe7ec4976ae27
diff --git a/src/contact-manager.cpp b/src/contact-manager.cpp
index 7be5017..74f84fa 100644
--- a/src/contact-manager.cpp
+++ b/src/contact-manager.cpp
@@ -14,6 +14,7 @@
#include "contact-manager.h"
#include <QStringList>
+#include <QFile>
#ifndef Q_MOC_RUN
#include <ndn-cpp-dev/util/crypto.hpp>
@@ -23,6 +24,7 @@
#include <cryptopp/base64.h>
#include <cryptopp/files.h>
#include <cryptopp/sha.h>
+#include <cryptopp/filters.h>
#include <boost/asio.hpp>
#include <boost/tokenizer.hpp>
#include <boost/filesystem.hpp>
@@ -52,11 +54,55 @@
{}
// private methods
+shared_ptr<IdentityCertificate>
+ContactManager::loadTrustAnchor()
+{
+ shared_ptr<IdentityCertificate> anchor;
+
+ QFile anchorFile(":/security/anchor.cert");
+
+ if (!anchorFile.open(QIODevice::ReadOnly))
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+
+ return anchor;
+ }
+
+ qint64 fileSize = anchorFile.size();
+ char* buf = new char[fileSize];
+ anchorFile.read(buf, fileSize);
+
+ try
+ {
+ using namespace CryptoPP;
+
+ OBufferStream os;
+ StringSource(reinterpret_cast<const uint8_t*>(buf), fileSize, true, new Base64Decoder(new FileSink(os)));
+ anchor = make_shared<IdentityCertificate>();
+ anchor->wireDecode(Block(os.buf()));
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+ }
+ catch(IdentityCertificate::Error& e)
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+ }
+ catch(Block::Error& e)
+ {
+ emit warning(QString("Cannot load trust anchor!"));
+ }
+
+ delete [] buf;
+
+ return anchor;
+}
+
void
ContactManager::initializeSecurity()
{
- fs::path anchorPath = fs::path(getenv("HOME")) / ".chronos" / "anchor.cert";
- shared_ptr<IdentityCertificate> anchor = io::load<IdentityCertificate>(anchorPath.c_str());
+ shared_ptr<IdentityCertificate> anchor = loadTrustAnchor();
shared_ptr<ValidatorRegex> validator = make_shared<ValidatorRegex>(m_face);
validator->addDataVerificationRule(make_shared<SecRuleRelative>("^([^<DNS>]*)<DNS><ENDORSED>",
diff --git a/src/contact-manager.h b/src/contact-manager.h
index 6bcd429..fa28a9e 100644
--- a/src/contact-manager.h
+++ b/src/contact-manager.h
@@ -53,7 +53,10 @@
contactList.clear();
contactList.insert(contactList.end(), m_contactList.begin(), m_contactList.end());
}
-private:
+private:
+ ndn::shared_ptr<ndn::IdentityCertificate>
+ loadTrustAnchor();
+
void
initializeSecurity();